Hacker News new | past | comments | ask | show | jobs | submit login

Excellent! Part of me wants to have a play and see how closely I can get a PHP/FPM/nginx to resemble my Python/uWSGI Emperor/nginx stack.

You can do stuff like include /srv/*/pool.ini, right?




Yes you can. Dotdeb's php-fpm.ini even includes this line by default:

    ; To configure the pools it is recommended to have one .conf file per
    ; pool in the following directory:
    include=/etc/php5/fpm/pool.d/*.conf
Then you could configure ENV inside FPM pool using the env directive:

    env[DB_HOST] = localhost
    env[DB_USER] = foobar
    env[DB_PASSWORD] = foobar
...and use something like this in e.g. Wordpress config:

    define('DB_NAME', getenv('DB_NAME'));
    define('DB_USER', getenv('DB_USER'));
    define('DB_PASSWORD', getenv('DB_PASSWORD'));
The biggest caveat is you MUST disable phpinfo()

    php_value[disable_functions] = phpinfo
Otherwise these ENV will shown up in any page that calls phpinfo();


That's pretty handy. Didn't think about the phpinfo thing, actually, though in all fairness if they managed to upload any PHP files you're rather screwed. I think the way to be secure would be to not actually serve PHP files in the document root and instead have nginx proxy / directly to the FPM pool, and just alias your static files over, much as one would with Django.


If you wanna see php done right, forget about all the crap you have seen and take a look at symfony.com. It has great docs, that focus on teaching web development (not just a framework) and all these sysadmin best practices like how to set the permissions, etc. Trust me, I have used every popular framework (including Rails and Django), and Symfony2 has nothing to envy.


uWSGI is capable of serving PHP, mind.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: